3856 matches found
CVE-2024-56494 IBM EntireX information disclosure
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system...
CVE-2024-56494
IBM EntireX 11.1 contains CVE-2024-56494, a local information-disclosure vulnerability where detailed error messages reveal sensitive information. Affected: IBM EntireX 11.1; root cause: generation of error messages containing sensitive information (CWE-209). CVSSv3.1: 3.3 (LOW). Remediation: app...
CVE-2024-56812 IBM EntireX information disclosure
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system...
CVE-2025-21747
In the Linux kernel, the following vulnerability has been resolved: drm/ast: astdp: Fix timeout for enabling video signal. The ASTDP transmitter sometimes takes up to 1 second for enabling the video signal, while the timeout is only 200 msec. This results in a kernel error message. Increase the...
CVE-2025-21747 drm/ast: astdp: Fix timeout for enabling video signal
In the Linux kernel, the following vulnerability has been resolved: drm/ast: astdp: Fix timeout for enabling video signal. The ASTDP transmitter sometimes takes up to 1 second for enabling the video signal, while the timeout is only 200 msec. This results in a kernel error message. Increase the...
CVE-2025-21747
The CVE-2025-21747 entry concerns the Linux kernel DRM AST driver (drm/ast: astdp) where the video-signal enable path could trigger a kernel warning due to an insufficient timeout. Root cause: a timeout too short (200 ms) for enabling the ASTDP transmitter; the system may log a WARN_ON in ast_dp_...
IBM EntireX security vulnerability
IBM EntireX is a versatile middleware solution from International Business Machines (IBM) designed to facilitate seamless integration between core enterprise applications and modern applications. A security vulnerability exists in IBM EntireX version 11.1 that originates from the return of a Detail...
PT-2025-8955 · Ibm · Ibm Entirex
Name of the Vulnerable Software and Affected Versions: IBM EntireX version 11.1. Description: A local user could obtain sensitive information when a detailed technical error message is returned, which could be used in further attacks against the system. Recommendations: For IBM EntireX version 11....
Recommended update for Maven
This update for Maven fixes the following issues: maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1. Key changes across versions: bug fixes and improved support of dynamic types; dependency upgrades (ASM, Maven core) and notably the removal of commons-io; improved error handling by...
CVE-2022-49520
In the Linux kernel, the following vulnerability has been resolved: arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall. If a compat process tries to execute an unknown system call above the __ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the offending process...
Drupal core - Critical - Cross site scripting - SA-CORE-2025-001
Drupal core doesn't sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting (XSS) vulnerability. Sites are encouraged to update. There are not yet public documented steps to exploit this, but there may be soon given the nature of this issue. This...
CVE-2024-13540
The WooODT Lite – Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. This is due to the /inc/bycwooodtgetallorders.php file being publicly accessible and generating a publicly visible error...
Unspecified Vulnerability in IBM ApplinX (CNVD-2025-04982)
IBM ApplinX is software from International Business Machines (IBM) focused on converting green screen interfaces into modern web-based applications. A security vulnerability exists in IBM ApplinX. An attacker could exploit the vulnerability to obtain sensitive information when the browser returns a...
Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
Description: Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a custom S3 endpoint URL via the s3endpoint parameter. This endpoint U...
CVE-2024-52611
The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions...
CVE-2025-0513
In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message...
CVE-2025-0513
CVE-2025-0513 affects Octopus Server; root cause is unsafe handling of error page messages. If an attacker can influence any part of an error message, they may embed code, potentially affecting the user viewing the error. Documents provide CVSS v3.1 (Base 5.4, Network, Low privileges, User intera...